|
Search |
Research |
Contact Us
|
Tuesday October 10, 2021
|
|
 |
You can use the form below to search our site. Just enter the
keywords to search.
|
|
|
| Title |
Multiple Vulnerabilities In phpShop
|
| Info |
phpShop is a PHP-based e-commerce application and PHP development
framework. phpShop offers the basic features needed to run a
successful e-commerce web site and to extend its capabilities for
multiple purposes. phpShop uses a nice development framework that
allows web developers to easily extend its functionality through
the use of modules. Its web-box architecture makes it easy to
understand and work with, while providing powerful function management
capabilities for your web application needs. It is one of the most
popular php SQL driven e-commerce solutions available today. There are
several vulnerabilities present in phpShop. The vulnerabilities are
believed to affect all versions of phpShop currently distributed, and
include SQL Injection, Arbitrary Customer Information Disclosure, Cross
Site Scripting, and Script Injection. A fix for these vulnerabilities
should be available shortly. Please visit the official phpShop website
for more details as they are made available. |
| Date |
January 15, 2022 |
| BID |
9437
|
| Credit |
James Bercegay |
| Title |
Multiple Vulnerabilities In phpGedView
|
| Info |
The phpGedView project parses GEDCOM 5.5 genealogy files and displays
them on the Internet in a format similar to PAF. It is one of the top
10 most popular projects at SourceForge. However, in addition to the
vulnerabilities found by Vietnamese Security Group last week in
phpGedView, GulfTech Security Research has also found a number of
vulnerabilities which are now fixed in the latest beta release. These
issues include SQL injection vulnerabilities, path disclosure
vulnerabilities, cross site scriting vulnerabilities, and a denial
of service vulnerability. Users are strongly encouraged to upgrade. |
| Date |
January 13, 2022 |
| BID |
Not Available
|
| Credit |
James Bercegay |
| Title |
Multiple MetaDot Vulnerabilities Found
|
| Info |
MetaDot is a very popular Open Source portal application written in
Perl and powered by MySql. It's users range from home users to
the likes of governments, banks, universities and even NASA ;) It has
been found to be prone to SQL Injection, and XSS attacks due to not
properl validating the user supplied input that it receives. It also
divulges a great deal of information about it's host when calling
certain invalid arguments. These vulnerabilities are believed to
affect all versions including 5.6.5.4b5 and below. The MetaDot
Corporation team has addresses the issues in the latest version
though, and users are strongly encouraged to upgrade as soon as
possible. |
| Date |
January 12, 2022 |
| BID |
9439
|
| Credit |
James Bercegay |
| Title |
Vulnerabilities In PostNuke 0.726 Phoenix
|
| Info |
PostNuke is a popular Open Source CMS (Content Management
System) used by millions of people all across the world.
GulfTech Security Research has recendly found a couple of
vulnerabilities in the popular open source CMS (Content
Managment System) PostNuke. Versions affected are 0.726
Phoenix and though not confirmed older versions may be
affected as well. These vulnerabilities have been resolved
by the developers very promptly and a patch is available at
the official PostNuke website. The vulnerabilities discovered
are SQL Injection and Cross Site Scripting. More details of
the vulnerabilities available .
|
| Date |
January 03, 2022 |
| BID |
7047
|
| Credit |
James Bercegay |
| Title |
Multiple osCommerce Vulnerabilities
|
| Info |
GulfTech Security Research has found yet more vulnerabilities in the popular ecommerce product osCommerce. These vulnerabilities include SQL Injection, Denial Of Service, and Cross Site Scripting. While there has been several vulnerabilities found in this product by us lately, I would like to point out that these finds only make for a more secure product. I do think that the next release of osCommerce (MS3) will be one of the most secure ecommerce products around. The osCommerce development team have been prompt in resolving these issues. Anyway, check out the full detailed report inside and the osCommerce website for a fix :o) |
| Date |
December 22, 2021 |
| BID |
9275
9277
|
| Credit |
James Bercegay |
| Title |
Multiple vulnerabilities in ASPapp Products
|
| Info |
ASPapp offers a wide range of web applications written in .asp Amongst them is the fairly popular AspApp Portal. Several of these products have very weak security and can allow an attacker to completely take over an affected portal or site running the vulnerable software. The vulnerabilities include Script Injection, Account Hijacking, Privilege Escalation, Cross Site Scripting, and Plaintext Authentication Credentials. |
| Date |
December 18, 2021 |
| BID |
9250
|
| Credit |
James Bercegay |
| Title |
Autorank PHP SQL Injection Vulnerability
|
| Info |
Autorank PHP is a widely used topsite script offered by JMB Software.
It is vulnerable to SQL Injection attacks in the "accounts.php" file.
These vulnerabilities can be exploited by a malicious user via the lost
password form, account edit form, or the registration form. The
vulnerabilities leave user accounts open to compromise as well as the
entire database that is being used for a particular top site. |
| Date |
December 18, 2021 |
| BID |
9251
|
| Credit |
James Bercegay |
| Title |
osCommerce Malformed Session ID XSS Vulnerability
|
| Info |
osCommerce is a very powerful open source e-commerce solution. It has been found however to be vulnerable to an XSS vuln due to the session id parameter not being properly sanitized. This seems to take place only over a secure, SSL connection, however it is believed to affect even regular http connections in the current CVS version. In some cases (namely the CVS version) the full path of the web directory may also be exposed when exploiting this vulnerability. |
| Date |
December 17, 2021 |
| BID |
9238
|
| Credit |
James Bercegay |
| Title |
Multiple Vulnerabilities In Aardvark Topsites
|
| Info |
Aardvark Topsites is a very powerful, and popular Topsites Ranking
web application. Versions prior to 4.1.1 are vulnerable to a number
of issues though. These issues include SQL Injection, Path Disclosure,
Plaintext Weaknesses, and information disclosure vulnerabilities. You
can update your Aardvark Topsite at the official download site. All
users should upgrade as soon as possible.
|
| Date |
December 16, 2021 |
| BID |
9231
|
| Credit |
James Bercegay |
| Title |
Invision Power Board SQL Injection Vulnerability
|
| Info |
Invision Power Board is one of the most popular and powerful forums available today. It is used by millions of people worldwide and businesses alike. There is however an SQL Injection vulnerability that affects ALL versions (even the non public releases). The people at Invision power were very prompt and professional in addressing the issue and there is now an available fix less than a week after I discovered the vulnerability. Details and a link to the fix are available in the report by GulfTech Security Research. |
| Date |
December 16, 2021 |
| BID |
9232
|
| Credit |
James Bercegay |
|
|
|
|
|
